[squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?
L. A. Walsh
squid-user at tlinx.org
Mon Oct 31 22:13:49 UTC 2016
Google is pushing this for all websites by October 2017
One issue to be "caught" are subordinated CA certs that can
allow one vector for generating certs accepted by browsers w/o
importing any new certs.
Some of the info on the cert page:
https://www.certificate-transparency.org/what-is-ct
Seems to indicate that site-local generated and imported
certs may also be detected as invalid and be disallowed for
SSL connection approvals. That would be a major pain given
google's actions that seem to be hostile to end-user (or
end-site) web-caching.
(saw this on
http://www.theregister.co.uk/2016/10/31/google_certificate_transparency/
).
More information about the squid-users
mailing list